Drata

This test is part of the <b>System Monitoring </b>control (DCF-86) that ensures production systems and resources are monitored and automated alerts are sent out personnel based on pre-configured rules. Events are triaged to determine if they constitute an incident and escalated per policy if necessary.

If Drata finds that one or more AWS database clusters or instances do not have a CloudWatch metric alarm for writes I/O configured with a subscription to an SNS topic, the test will fail.

Sign in to <a href="https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fus-east-2.console.aws.amazon.com%2Fcloudwatch%2F%3Fregion%3Dus-east-2%26state%3DhashArgs%2523%26isauthcode%3Dtrue&amp;client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Fcloudwatch&amp;forceMobileApp=0&amp;code_challenge=DKz-H_rF8ZTt4nbXSJUSLKmV17mdC84KGxHkzGvOrxo&amp;code_challenge_method=SHA-256" target="_blank" rel="nofollow noopener noreferrer">CloudWatch console</a>.

Create an alarm by selecting 'Alarm' then 'Create alarm' from the navigation panel.

Click 'select metric' &gt; 'RDS' &gt; 'Per-Cluster Metrics' and select your DB cluster or instance identifier then select 'WriteIOPS' metric.

Specify conditions by setting threshold type, defining threshold value, setting the period, and setting the evaluation periods.

Choose an existing SNS topic or create a new one to subscribe to.

Give your alarm a name, review your settings, and finish creating the alarm.

Repeat for each failing DB instance or cluster

1. Sign in to <a href="https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fus-east-2.console.aws.amazon.com%2Fcloudwatch%2F%3Fregion%3Dus-east-2%26state%3DhashArgs%2523%26isauthcode%3Dtrue&amp;client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Fcloudwatch&amp;forceMobileApp=0&amp;code_challenge=DKz-H_rF8ZTt4nbXSJUSLKmV17mdC84KGxHkzGvOrxo&amp;code_challenge_method=SHA-256" target="_blank" rel="nofollow noopener noreferrer">CloudWatch console</a>.
2. Create an alarm by selecting 'Alarm' then 'Create alarm' from the navigation panel.
3. Click 'select metric' &gt; 'RDS' &gt; 'Per-Cluster Metrics' and select your DB cluster or instance identifier then select 'WriteIOPS' metric.
4. Specify conditions by setting threshold type, defining threshold value, setting the period, and setting the evaluation periods.
5. Choose an existing SNS topic or create a new one to subscribe to.
6. Give your alarm a name, review your settings, and finish creating the alarm.
7. Repeat for each failing DB instance or cluster

Drata validates that AWS database clusters and database instances have a CloudWatch metric alarm for writes I/O for each cluster or instance

ASSOCIATED DRATA CONTROL

WHAT TO DO IF A TEST FAILS

STEPS TO REMEDIATE